*Some sensitive information has been changed
in the details below to protect the privacy of the
people involved in this attack.

All seemed to be going according to plan.

The homebuyers had just a few last-minute tasks
to complete, and they’d have the keys to their
new home. Of the remaining tasks—the time had
come for the buyers to wire funds to close escrow.

However, on the day that the buyers were set
to wire funds, they received an email from their
mortgage company stating that they switched
banks, and to follow the updated wiring instructions
in the email attachment.

Actual message received by the homebuyer
from the attacker.

Asaf Cidon

Buying a house is one of the most important purchases people ever make, and often one they’ve been saving for
years in order to finally place their
signature on the closing documents. When you think about the
amount of time and effort it takes
to not only find the perfect house,
get an offer accepted, and ultimately make it through the signing process—the
deep breath at the end is truly refreshing. But, what
if that breath got delayed, or worse—never came
because a cybercriminal interfered with the process
and had the loan payment wired to them instead of
the seller? This nightmare scenario can have substantial financial consequences for the homebuyer.
They could end up losing the house, a whole lot of
money, personal information, and much more.

Sadly, this is a real scenario, and as spearphishing attacks continue to increase— people,businesses, and brands should be on high alert.

HIGHLIGHTED THREAT:

Spear Phishing for Mortgages—the attacker
attempts to interfere with a mortgage closure and
almost runs off with a large sum of money if it
wasn’t for an alert user.